From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/63662 Path: news.gmane.org!not-for-mail From: Daiki Ueno Newsgroups: gmane.emacs.devel,gmane.emacs.gnus.general Subject: Re: Security flaw in pgg-gpg-process-region? Date: Tue, 05 Sep 2006 14:06:00 +0900 Message-ID: <99d9e329-f374-464a-baad-80c02d2a3382@broken.deisui.org> References: <9c79059a-61a9-4fa4-8376-638753320a14@well-done.deisui.org> <4aaf7080-0e3d-4a75-aff5-f9d5bcd0437f@well-done.deisui.org> <87fyjz2gaj.fsf@pacem.orebokech.com> <8980fd83-08b6-4aef-97f2-a659cd2eadb2@well-done.deisui.org> <180dcf90-af71-4f6d-b0d0-57d364218c73@broken.deisui.org> <6d43cc51-e472-405c-b372-dba7ef5a914d@broken.deisui.org> <2234179d-6686-49f4-b38b-b06788041225@well-done.deisui.org> <854pvnsetc.fsf@lola.goethe.zz> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1157432798 25041 80.91.229.2 (5 Sep 2006 05:06:38 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Tue, 5 Sep 2006 05:06:38 +0000 (UTC) Cc: Reiner.Steib@gmx.de, rms@gnu.org, ding@gnus.org, emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Sep 05 07:06:36 2006 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by ciao.gmane.org with esmtp (Exim 4.43) id 1GKT8s-0003wr-3c for ged-emacs-devel@m.gmane.org; Tue, 05 Sep 2006 07:06:34 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1GKT8r-00039Q-Dg for ged-emacs-devel@m.gmane.org; Tue, 05 Sep 2006 01:06:33 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1GKT8S-00037k-Hy for emacs-devel@gnu.org; Tue, 05 Sep 2006 01:06:08 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1GKT8Q-00036S-Ke for emacs-devel@gnu.org; Tue, 05 Sep 2006 01:06:08 -0400 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1GKT8Q-00036O-FW for emacs-devel@gnu.org; Tue, 05 Sep 2006 01:06:06 -0400 Original-Received: from [64.233.166.177] (helo=py-out-1112.google.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1GKTJ5-0004lx-Sy for emacs-devel@gnu.org; Tue, 05 Sep 2006 01:17:08 -0400 Original-Received: by py-out-1112.google.com with SMTP id d42so2350038pyd for ; Mon, 04 Sep 2006 22:06:05 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:from:to:cc:subject:references:date:in-reply-to:message-id:user-agent:mime-version:content-type:sender; b=OuqKDY9N7bU53ChDCHXM7e8leEf3KsOVmgU7RVcrB6amzu+bFDO4DM+D9bn1YZd4ScLSfRkaKA5OCoO84B/BPArEC6SbxZHdR0jmyBQp12ddxer0IChJ4rRqeqc6Sel+7Pe07Lg6HYLpUuxZUywBTCchuEZTJedhjSXKAzciLo0= Original-Received: by 10.35.105.18 with SMTP id h18mr9257853pym; Mon, 04 Sep 2006 22:06:05 -0700 (PDT) Original-Received: from p360 ( [150.82.173.221]) by mx.gmail.com with ESMTP id 7sm3945740nzo.2006.09.04.22.06.03; Mon, 04 Sep 2006 22:06:04 -0700 (PDT) Original-To: David Kastrup In-Reply-To: <854pvnsetc.fsf@lola.goethe.zz> (David Kastrup's message of "Mon\, 04 Sep 2006 19\:48\:47 +0200") User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:59350 gmane.emacs.gnus.general:63662 Archived-At: >>>>> In <854pvnsetc.fsf@lola.goethe.zz> >>>>> David Kastrup wrote: > Daiki Ueno writes: > > Second, (1) causes a problem which forbids using ISO-8859-1 > > characters in passphrases. So he proposed (2), but it was not a > > correct fix (passphrases should be encoded in locale-coding-system > > rather than just making them unibyte) and it was not working before > > the reversion. I think this is not so important problem, since it > > can be avoided by using ASCII only passphrases in practice. > Passphrases exist outside of Emacs, and you don't have the option of > just typing something else. In theory you are right. However, since GnuPG treats passphrase input as a byte sequence not characters, if you set your passphrase on a ISO-8859-1 terminal, you can't input the same passphrase on any UTF-8 terminals. Anyway, I fixed it in Gnus CVS so that passphrases are encoded with locale-coding-system. I'm not sure if we should add a new user option to control the encoding. Regards, -- Daiki Ueno